Import root Certificate Authority to Nokia N70 Mobile Phone

January 13th, 2007 | Categories: Hardware, Internet, Mobile, Security, SyncML | Tags:

Upon connecting to an untrusted SSL resource, the device will inform me that the SSL certificate which is automatically sent by the server is untrusted. For example when synchronizing the device with my SyncML server over an HTTPS URL, my Nokia N70 reports an untrusted SSL certificate at each connection.

I don't want to have to confirm the trust at each connection, so I set about to get my Certificate Authority's root certificate into the phone.

Knowing a bit about the topic, I imagined the Series 60 phone would prefer a DER-formatted certificate to a PEM-formatted one, so I converted by PEM certificate (often stored as a .crt or .pem file) into a DER format (often such files are named .der, or in the Microsoft world, .cer). I guessed it would be .cer, and it turned out my hunch was correct.

The conversion is simple if access to the OpenSSL tool chain is available:

$ openssl x509 -in jpmensca.crt -out jpmensca.cer -outform DER

This file I then transmitted via BlueTooth to the mobile device. Your mileage will vary here of course, but from my Windows notebook I used file transfer to do it. I simply dropped the jpmensca.cer file onto the OBEX file transfer folder. My device told me I had a message waiting for me,

and I then opened the message to find a message from the BlueTooth stack containing the attachment jpmens.cer file. As soon as it is opened, the mobile phone recognizes that it is a certificate and offers to import it.

After acknowledging that the new certificate might be insecure, I saved anyway and gave it a label with which to later identify it, then specifying the trust options for the certificate:

The certificate is then saved in the phone's certificate store.

To later view details of the certificate, revoke trust, or even delete the certificate, I use the security settings utility to access Certificate management which lists all the trusted certificates, and I can open mine of course.

Now I can connect to an HTTPS resource which is protected by SSL/TLS certificates I have issued myself.

  1. Peter Lindeman
    July 14th, 2007 at 01:32
    Reply | Quote | #1

    Very nice description, I was allready long looking for this, never could imagine it was so simple ;-)

    Thanks

  2. Nsrmgr ty
    July 1st, 2008 at 08:32
    Reply | Quote | #2

    From where to download this very certificate?

  3. J. Impens
    October 28th, 2008 at 19:24
    Reply | Quote | #3

    Thanks! Mailing the certificate to my Nokia N95 8gb and opening the attachment on the device was THE solution to get the phone to accept the certificate.

  4. July 1st, 2009 at 17:35
    Reply | Quote | #4

    thanks, very useful, I am trying to figure out this by myself, but didn't work out.

  5. iulius
    September 11th, 2009 at 10:14
    Reply | Quote | #5

    I'm trying to import the certifate of my exchange server, but the mobile phone (Nokia N97) don't recognize that is a certificate and don't offer to import it. extension is ".cer". I try and with ".p7b"

  6. rahul
    January 19th, 2010 at 18:57
    Reply | Quote | #6

    From where to download this very certificate..